The present invention relates to an electronic device and a system, and is particularly suited to preventing a fraudulent operation, performed by fraudulent software installed on a simple electronic device that has no secure boot function, from affecting a system that includes the electronic device.
Secure boot is one of the functions for preventing information in an electronic device such as a computer or a smartphone from being stolen or destroyed when fraudulent software such as malware is installed on the electronic device and a fraudulent operation is executed. Software provided from the outside is authenticated by its provider or by a trusted third party, distributed with an electronic signature, and installed on the electronic device. In the bootup routine at power-on, the electronic device on which the software has been installed verifies the electronic signature, confirms that the software is authentic and was provided from a reliable site, and only then starts the software. Here, the software broadly includes medium- and low-level software, such as general application software, middleware for communication, a network interface, etc., and driver software, as well as the operating system (OS).
Japanese Unexamined Patent Publication No. 2008-226160 (Patent Document 1) discloses an information processing device capable of verifying the validity of software even after a certificate has become invalid and the digital signature has thereby been invalidated. While the certificate is still valid and the validity of the software has been confirmed, a value uniquely derived from the software is calculated and stored in a storage means. After the digital signature has been invalidated, a value is calculated from the software in the same way and collated with the value stored in the storage means; if the two match, the software is determined to be authentic.
Japanese Unexamined Patent Publication No. 2013-114620 (Patent Document 2) discloses an information processing device capable of reliably notifying that the validity of a program executed by a processor controlling a device has not been confirmed. The information processing device includes a second processor in addition to the first processor that controls the device, and at startup of the information processing device the second processor verifies the validity of the program executed by the first processor. If the validity is confirmed, the first processor is activated. If the validity is not confirmed, an exception notification of the abnormal state is issued through a means different from the user interface of the first processor.
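The following is an added illustration, not code from the patent or from any of the cited documents, of the three mechanisms described above: a startup check that verifies an electronic signature before an image is started, the fallback of Patent Document 1 in which a value uniquely derived from a confirmed image is stored and later collated once the certificate has been revoked, and the out-of-band notification of Patent Document 2 when validity is not confirmed. The key, image contents, names (`BootVerifier`, `run_scenario`, etc.) and the use of an HMAC in place of a public-key signature are all assumptions made for the example so that it runs on the Python standard library alone.

```python
import hashlib
import hmac

# Constructed key for the example (not from the patent). Real secure boot checks a
# public-key signature against a key fixed in the device; an HMAC over a shared key
# stands in for that signature here so the example runs on the standard library.
PROVIDER_KEY = b"constructed-provider-key"


def sign_image(image: bytes, key: bytes = PROVIDER_KEY) -> bytes:
    """Provider side: the 'electronic signature' distributed with the software."""
    return hmac.new(key, image, hashlib.sha256).digest()


def signature_valid(image: bytes, signature: bytes, key: bytes = PROVIDER_KEY) -> bool:
    """Device side: verify the signature; compare_digest avoids a timing side channel."""
    return hmac.compare_digest(sign_image(image, key), signature)


def unique_value(image: bytes) -> str:
    """Patent Document 1's 'value uniquely derived from the software' (a SHA-256 digest here)."""
    return hashlib.sha256(image).hexdigest()


class BootVerifier:
    """Startup check that gates execution of each installed image.

    notify: callback standing in for Patent Document 2's exception notification,
            i.e. a channel other than the user interface of the gated processor.
    """

    def __init__(self, notify):
        self.storage = {}      # storage means: image name -> stored unique value
        self.notify = notify
        self.started = []      # images that passed verification and were started

    def boot(self, name: str, image: bytes, signature: bytes, certificate_revoked: bool = False) -> bool:
        if not certificate_revoked:
            # Normal secure boot path: the signature decides, and a confirmed image's
            # unique value is recorded for later use (Patent Document 1).
            ok = signature_valid(image, signature)
            if ok:
                self.storage[name] = unique_value(image)
        else:
            # Certificate revoked, so the signature can no longer be relied on: fall back
            # to collating the freshly calculated value with the stored one.
            stored = self.storage.get(name)
            ok = stored is not None and hmac.compare_digest(stored, unique_value(image))

        if ok:
            self.started.append(name)
        else:
            self.notify(f"{name}: validity not confirmed, image not started")
        return ok


def run_scenario() -> dict:
    """Constructed boot sequence exercising both the signature path and the fallback."""
    notifications = []
    verifier = BootVerifier(notifications.append)

    genuine = b"constructed firmware image v1"
    tampered = genuine + b" + altered bytes"
    signature = sign_image(genuine)

    results = {
        "genuine_signed": verifier.boot("fw", genuine, signature),
        "tampered_signed": verifier.boot("fw", tampered, signature),
        # same image after the certificate is revoked: the stored value still confirms it
        "genuine_revoked": verifier.boot("fw", genuine, signature, certificate_revoked=True),
        "tampered_revoked": verifier.boot("fw", tampered, signature, certificate_revoked=True),
        # an image never confirmed while the certificate was valid has nothing to collate
        "unknown_revoked": verifier.boot("app", genuine, signature, certificate_revoked=True),
    }
    return {"results": results, "started": verifier.started, "notifications": notifications}


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

Note that the fallback only helps for images whose value was stored while the certificate was still valid; an image first seen after revocation is rejected, which is the behaviour Patent Document 1 describes.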
Japanese Unexamined Patent Publication No. 2014-211473 (Patent Document 3) discloses an integrity verification system in which, based on integrity verification of communication data, a configuration device of the system is operated when the data is verified as adequate and is not operated when the data is verified as inadequate, so that erroneous control of the configuration device is prevented. A first control device generates data for integrity verification of the communication data and transmits it, along with the communication data, to a second control device and to a detection server. The detection server acquires additional information for verification as necessary, performs integrity verification processing on the communication data received from the first control device, and transmits the verification result to the second control device and to a control server. The second control device does not perform a control task based on the communication data until it has received the verification result for the integrity of the communication data from the detection server. If the verification result transmitted from the detection server indicates adequateness, the second control device performs the control task according to the communication data. If the verification result indicates inadequateness, the second control device does not perform the control task according to the communication data, and transmits an error to the first control device.
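The exchange of Patent Document 3, as an added example that is not part of the patent text: a first control device sends communication data plus verification data to both a second control device and a detection server, the second control device parks the data until the detection server's verdict arrives, and then either performs the control task or records an error for the first control device. The message contents, class names, the use of an HMAC as the "data for integrity verification", and the in-transit corruption used to show the inadequate path are all assumptions of this example.

```python
import hashlib
import hmac

# Constructed key for the example (not from the patent). The first control device and
# the detection server share it; the "data for integrity verification" is an HMAC over
# the communication data. The patent does not fix the mechanism; this is one choice.
VERIFICATION_KEY = b"constructed-verification-key"


def integrity_data(communication_data: bytes) -> bytes:
    return hmac.new(VERIFICATION_KEY, communication_data, hashlib.sha256).digest()


class DetectionServer:
    """Verifies each message and reports the result to the second control device and the control server."""

    def __init__(self, control_server_log: list):
        self.control_server_log = control_server_log   # stands in for the control server

    def verify(self, msg_id: int, communication_data: bytes, verification_data: bytes) -> str:
        ok = hmac.compare_digest(integrity_data(communication_data), verification_data)
        result = "adequate" if ok else "inadequate"
        self.control_server_log.append((msg_id, result))
        return result


class SecondControlDevice:
    """Holds communication data until the detection server's verdict arrives, then acts or errors."""

    def __init__(self):
        self.pending = {}      # msg_id -> communication data awaiting a verdict
        self.executed = []     # control tasks actually performed
        self.errors = []       # msg_ids reported back to the first control device

    def receive_data(self, msg_id: int, communication_data: bytes) -> None:
        # No control task is performed yet: the data is only parked.
        self.pending[msg_id] = communication_data

    def receive_result(self, msg_id: int, result: str) -> str:
        communication_data = self.pending.pop(msg_id)
        if result == "adequate":
            self.executed.append(communication_data)
            return "executed"
        self.errors.append(msg_id)      # error transmitted to the first control device
        return "error"


class FirstControlDevice:
    def __init__(self, second: SecondControlDevice, server: DetectionServer):
        self.second = second
        self.server = server
        self.next_id = 1

    def send(self, communication_data: bytes, corrupt_in_transit: bool = False) -> str:
        msg_id = self.next_id
        self.next_id += 1
        verification_data = integrity_data(communication_data)
        # Constructed failure mode: the data is altered between the first control device and
        # its recipients, so it no longer matches the verification data generated for it.
        delivered = communication_data + b"!" if corrupt_in_transit else communication_data
        self.second.receive_data(msg_id, delivered)
        result = self.server.verify(msg_id, delivered, verification_data)
        return self.second.receive_result(msg_id, result)


def run_exchange() -> dict:
    """Constructed session: one intact message, one corrupted in transit."""
    control_server_log = []
    second = SecondControlDevice()
    first = FirstControlDevice(second, DetectionServer(control_server_log))
    outcomes = [
        first.send(b"valve=open"),
        first.send(b"valve=close", corrupt_in_transit=True),
    ]
    return {
        "outcomes": outcomes,
        "executed": second.executed,
        "errors": second.errors,
        "pending": dict(second.pending),
        "control_server_log": control_server_log,
    }


if __name__ == "__main__":
    for key, value in run_exchange().items():
        print(key, value)
```

The point to notice is the ordering: `receive_data` never triggers a control task by itself, so the second control device is safe against acting on data whose verdict has not yet come back, and the control server sees the same verdict stream the second control device does.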